A huge 7-year-old bug has been found that affects hundreds of thousands of apps and devices

Researchers from Google have discovered a serious, seven-year-old
vulnerability in code used by hundreds of thousands of apps and
devices, the BBC
reports.

It affects "glibc" — a library of open-source code. Hackers could
exploit the bug to crash or take control of services that
make use of glibc.
Google researchers say they have found that "remote code
execution is possible, but not straightforward."

To avoid helping potential attackers, researchers are not
providing the code they used to exploit the bug.

As it happens, Google wasn't the only company looking
at the bug. In a blog post, Google researchers say that the bug
was flagged up to the maintainers of the glibc code back in 2015
— and that security researchers at Red Hat were also
investigating it.

Researchers have now produced a patch that fixes the issue.
People who develop products that use the vulnerable code now need
to roll out the patch.

Professor Alan Woodward at the University of Surrey told the BBC:
"Many people are running around right now trying to work out if
this is truly catastrophic or whether we have dodged a bullet."
But as Ars Technica's Dan Goodin points out, the fact it went
unpatched for seven years — and was discovered by multiple groups
— means it's not unfathomable that it has been discovered and
exploited by malicious third parties.